580 likes | 705 Views
Software Defined Networking (SDN). Marco.Cello@unige.it DITEN – Università di Genova Talk @ IEIIT – Consiglio Nazionale delle Ricerche (CNR) Genova 28 Marzo 2014. Material from:
E N D
Software Defined Networking (SDN) Marco.Cello@unige.it DITEN – Università di Genova Talk @ IEIIT – Consiglio Nazionale delle Ricerche (CNR) Genova 28 Marzo 2014 Material from: • Scott Shenker (UC Berkeley), “Software-Defined Networking at the Crossroads”, Standford, Colloquium on Computer Systems Seminar Series (EE380), 2013. • Scott Shenker (UC Berkeley), “A Gentle Introduction to Software Defined Networks”, Technion Computer Engineering Center, 2012. http://tce.technion.ac.il/files/2012/06/Scott-shenker.pdf • Scott Shenker (UC Berkeley), “The Future of Networking, and the Past of Protocols”, Open Network Summit, 2011. http://www.opennetsummit.org/archives/oct11/shenker-tue.pdf • Nick McKeown (Stanford), ITC Keynote, San Francisco, 2011. http://yuba.stanford.edu/~nickm/talks/ITC%20Keynote%20Sept%202011.ppt Presented by Gregory Kesden in 14-848, Fall 2017 1
A Short History of SDN ~2004: Research on new management paradigms RCP, 4D [Princeton, CMU,….] SANE, Ethane [Stanford/Berkeley] 2008: Software-Defined Networking (SDN) NOX Network Operating System [Nicira] OpenFlow switch interface [Stanford/Nicira] 2011: Open Networking Foundation (~69 members) Board: Google, Yahoo, Verizon, DT, Microsoft, Facebook, NTT Members: Cisco, Juniper, HP, Dell, Broadcom, IBM,….. 2013: Latest Open Networking Summit 1600 attendees, Google: SDN used for their WAN Commercialized, in production use (few places) 2
Why Was SDN Needed? • Networks are hard to manage • Computation and storage have been virtualized • Creating a more flexible and manageable infrastructure • Networks are still notoriously hard to manage • Network administrators large share of sysadmin staff • Networks are hard to evolve • Ongoing innovation in systems software • New languages, operating systems, etc. • Networks are stuck in the past • Routing algorithms change very slowly • Network management extremely primitive • Networks design not based on formal principles • OS courses teach fundamental principles • Mutual exclusion and other synchronization primitives • Files, file systems, threads, and other building blocks • Networking courses teach a big bag of protocols • No formal principles, just general design guidelines 3
Networks design not based on formal principles • Networks used to be simple • Basic Ethernet/IP straightforward, easy to manage • New control requirements have led to complexity • ACLs, VLANs, TE, Middleboxes, DPI,… • The infrastructure still works... • Only because of our great ability to master complexity • Ability to master complexity both blessing and curse 4
How Programming Made the Transition • Machine languages: no abstractions • Had to deal with low-level details • Higher-level languages: OS and other abstractions • File system, virtual memory, abstract data types, ... • Modern languages: even more abstractions • Object orientation, garbage collection,... Abstractions simplify programming Easier to write, maintain, reason about programs Abstractions are the way we extracted simplicity So, what role do abstractions play in networking? 5
The Two Networking “Planes” • Data plane: processing and delivery of packets with local forwarding state • Forwarding state + packet headerforwarding decision • Control plane: compute the state in routers (forwarding state) • Determines how and where packets are forwarded • Routing, traffic engineering, firewall state, … • Implemented with distributed protocols, manual configuration (and scripting) or centralized computation • These different planes require different abstractions 6
Data Plane Abstractions: Layers Applications …built on… Reliable (or unreliable) transport …built on… Best-effort global packet delivery …built on… Best-effort local packet delivery …built on… Local physical transfer of bits 7
(Too) Many Control Plane Mechanisms • Variety of goals: • Routing: distributed routing algorithms • Isolation: ACLs, VLANs, Firewalls,… • Traffic engineering: adjusting weights, MPLS,… • No modularity, limited functionality • Control Plane: mechanism without abstraction • Too many mechanisms, not enough functionality
What abstractionsshouldwe applyto the control plane?
The Control Plane Problem • Control plane must compute forwarding state. To accomplish its task, the control plane must: • Figure out what network looks like (topology) • Figure out how to accomplish goal on given topology • Tell the swtiches what to do (configure forwarding state) • We view this as a natural set of requirements.... • And we require each new protocol to solve all three This is crazy!
Programming Analogy • Whatifyouweretold towriteaprogramthat must… • Beawareof thehardwareyou wererunningon • Specify whereeachbit was stored • Programmerwouldimmediatelydefineabstractions: • Machine-independentinterface • Virtualmemory interface • Programmersuseabstractionstoseparateconcerns • Networkdesignersshouldtoo!
The Control Plane Problem • Control plane must compute forwarding state. To accomplish its task, the control plane must: • Figure out what network looks like (topology) • Figure out how to accomplish goal on given topology • Tell the swtiches what to do (configure forwarding state) • What components do we want to reuse? • Determining the topology information 3. Configuring forwarding state on routers/switches • You now know everthing you need about SDN: • It is the use of those two control planes abstractions 13
SDN: Two Control Plane Abstractions • Abstraction: global network view • Provides information about current network • Implementation: “Network Operating System” • Runs on servers in network (replicated for reliability) • Abstraction:forwarding model • Provides standard way of defining forwarding state • This is OpenFlow • Specification of <match,action> flow entries
Network of Switches and/or Routers SDN is “Layers” for Control Plane Traditional Control Mechanisms routing, access control, etc. ControlProgram Global Network View Distributedalgorithmrunningbetweenneighbors Network OS (e.g. NOX) Complicatedtask-specific distributedalgorithm Forwarding Model 15
Example1: OSPF and Dijkstra • OSPF • RFC 2328: 245 pages • Distributed System • Builds consistent, up-to-date map of the network: 101 pages • Dijkstra’s Algorithm • Operates on map: 4 pages
Example2: Load Balancing Optimal Load Balancer: Ideally each HTTP request would be sent over a path which is lightly loaded to a server which is lightlyloaded in order to minimize the request 18
Example2: Load Balancing Current Load Balancer: it can choose only the lightly loaded server KEMP Technologies LoadMasterTM 2400 19
Example2: Load Balancing N. Handigol, S. Seetharaman, M. Flajslik, R. Johari, and N. McKeown. Aster*x: Load-balancing as a network primitive. 9th GENI Engineering Conference (Plenary), November 2010 21
Specification Abstraction • Control program must express desired behavior • Whether it be isolation, access control, or QoS • It should not be responsible for implementing that behavior on physical network infrastructure • Requires configuring the forwarding tables in each switch • Proposed abstraction: Virtual Topology of network • Virtual Topology models only enough detail to specify goals • Will depend on task semantics 22
Simple Example: Access Control • Operator’s goal: prevent A’s packets from reaching B • Control program does so with access control entries: • Control program must respond to topology/routing changes • Makes it hard to write correct control program A AB drop Global Network View AB drop B 23
Network Virtualization • Introduce new abstraction and new SDN layer • Abstraction: Virtual Topology • Allows operator to express requirements and policies • Via a set of logical switches and their configurations • Layer: Network Hypervisor • Translates those requirements into switch configurations • “Compiler” for virtual topologies 24
Virtualization Simplifies Control Program Abstract Network View A AB drop B Hypervisor then inserts flow entries as needed A AB drop Global Network View AB drop B 25
ControlProgram SoftwareDefinedNetwork Virtual Topology Network Hypervisor Global Network View Network OS
Clean Separation of Concerns • Control program: express goals on Virtual Topology • Operator Requirements • Configuration = Function(view) • Not a distributed protocol, now just a graph algorithm • NetworkHypervisor: Virtual TopologyGlobal Network View • Network OS: Global Network View physical switches • Gathers information for global network view • Conveys configurations from control program to switches • Router/switches: merely follow orders from NOS • Clean separation of control and data planes • Not packaged togheter in proprietary boxes • Enables use of commodity hardware, 3rd party software • Easier to write, maintain, verify, reason about, …
SDN:LayersfortheControlPlane ControlProgram Abstract Network View NetworkVirtualization Global Network View Network OS
Abstractions Don’t Eliminate Complexity • Everycomponentofsystemistractable • NOS,Virtualizationare still complicatedpiecesof code • SDNmainachievements: • Simplifiesinterface for control program(user-specific) • Pushescomplexityinto reusablecode(SDNplatform) • Justlikecompilers….
Virtualization is Killer App for SDN • Consider a multi-tenant datacenter • Want to allow each tenant to specify virtual topology • This defines their individual policies and requirements • Datacenter’s network hypervisor compiles these virtual topologies into set of switch configurations • Takes 1000s of individual tenant virtual topologies • Computes configurations to implement all simultaneously • This is what people are paying money for…. • Enabled by SDN’s ability to virtualize the network 30
Four Crucial Points • SDNismerelysetofabstractionsforcontrolplane • Notaspecificset of mechanisms • OpenFlowis least interestingaspectof SDN,technically • SDNinvolvescomputingafunction…. • NOS handlesdistributionof state • …onanabstractnetwork • Canignoreactualphysicalinfrastructure • Networkvirtualizationisthe“killerapp” • Alreadyvirtualizedcompute, storage;network is next
Does SDNhave larger implications? Asidefromprovidingeasiernetworkmanagement, howwillSDNchangetheworldofnetworking?
Control/Data Planes Become Separate • Currently control plane tied to data plane • NOS runs on servers: observes/controls data plane • Changes the deployment and business models • Can buy the control plane separately from the switches • Enabling commodity hardware and 3rd party software • Changes the testing model • Simulator to analyze large-scale control planes
Networking Becomes Edge-Oriented • Canimplementmostcontrol functionalityatedge • Access control,QoS, mobility, migration,monitoring… • Networkcoremerelydeliverspacketsedge-to-edge • Current protocolsdo agoodjob (mostly) • Letedgehandleallcomplexity • Complicatedmatching, actions • “Overlay” networkingviatunnels • Thishastwo importantimplications
1. Makes SDN Incrementally Deployable • HostsoftwareoftenhasOpenFlowswitch • Open vSwitch(OVS)inLinux,Xen,… • Theedgebecomesasoftwareswitch • Coreofnetworkcan be legacyhardware • EnablesincrementaldeploymentofSDN • Might never needOpenFlowinhardwareswitches….
2. Networking Becomes Software-Oriented • Allcomplicated forwardingdoneinsoftware(edge) • Andcontrolplane isaprogram(onaserver)… • …not aprotocol(on aclosedproprietary switch/router) • Weareprogrammingthenetwork,notdesigningit • Focus onmodularityandabstractions, not packetheaders • Innovationatsoftware,nothardware,speeds • Softwarelendsitselftocleanabstractions
SDN Vision: Networks Become “Normal” • Hardware:Cheap,interchangeable,Moore’sLaw • Software:Frequentreleases,decoupledfromHW • Functionality:MostlydrivenbySW • Edge(softwareswitch) • Controlprogram • Solidintellectual foundations
Recap - The network is changing Feature Feature Network OS Feature Feature Feature Feature Feature Feature Feature Feature Feature Feature OS Custom Hardware OS Custom Hardware OS Custom Hardware OS Custom Hardware OS Custom Hardware 39
2. At least one Network OSprobably many.Open- and closed-source Recap - Software Defined Network (SDN) 3. Consistent, up-to-date global network view Control Program 1 Control Program 2 1. Open interface to packet forwarding Network OS Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding Packet Forwarding 40
OpenFlow Basics Control Program B Control Program A Network OS OpenFlow Protocol Control Path OpenFlow Ethernet Switch Data Path (Hardware) 41
Primitives <Match, Action> Header Data Match: 1000x01xx0101001x • Match arbitrary bits in headers: • Match on any header, or new header • Allows any flow granularity • Action • Forward to port(s), drop, send to controller • Overwrite header with mask, push or pop • Forward at specific bit-rate 42
OpenFlow Basics Control Program B Control Program A Network OS “If header = p, send to port 4” “If header =q, overwrite header with r, add header s, and send to ports 5,6” Packet Forwarding “If header = ?, send to me” Flow Table(s) Packet Forwarding Packet Forwarding 43
More sophisticated flow identification Application level flow 44
More sophisticated flow identification IP flow 45
More sophisticated flow identification Custom flow 46
More sophisticated flow identification My flow 47
SDN “Implementations” – Software/Hardware Forwarding Model OpenFlow ForCES Software Switches compliant with OpenFlow std. Open vSwitch Pantou/OpenWRT Ofsoftswitch13 Indigo Controller compliant with OpenFlow std. POX NOX MUL Maestro Available Commodity Switches compliant with OpenFlow std. Hewlett-Packard 8200zl, 6600, 6200zl, Brocade 5400zl, and 3500/3500yl IBM NetIron CES 2000 Series Bruno Astuto A. Nunes, Marc Mendonca, Xuan-Nam Nguyen, Katia Obraczka, and Thierry Turletti, “A Survey of Software-Defined Networking: Past, Present, and Future of Programmable Networks”, Technical Report, http://hal.inria.fr/hal-00825087/PDF/bare_jrnl.pdf 48
SDN Literature - Sources Browsing on proceedings of: ACM Sigcomm; ACM Sigcomm Workshop HotSDN; ACM Sigcomm Workshop HotNets; ACM CoNEXT; USENIX NSDI; USENIX HotCloud; USENIX Hot-ICE; ONS; SDN reading list: http://www.nec-labs.com/~lume/sdn-reading-list.html 49
Controller scalability multi-controller reduce messages sent to controller switch/CPU design approaches Network Updates Programming Testing/Debugging Traffic Management/QoS flow scheduling Load balancing Transport protocol Monitoring Security SDN research areas SDN applications SDN architecture 50